THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b). 
1) Responsive to communication(s) filed on 03 June 2005.
2a) This action is FINAL. 2b) This action is non-final.

3) Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.
5) Claim(s) is/are allowed.

6) Claim(s) 1-24 and 26 is/are rejected.
7) □ Claim(s) is/are objected to.

8) Claim(s) are subject to restriction and/or election requirement.
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.
application from the International Bureau (PCT Rule 17.2(a)).
DETAILED ACTION



Claim Rejections - 35 USC § 103

1. This application currently names joint inventors. In considering patentability of the
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various
claims was commonly owned at the time any inventions covered therein were made absent any
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out
the inventor and invention dates of each claim that was not commonly owned at the time a later
invention was made in order for the examiner to consider the applicability of 35 U.S.C. 103(c) and
potential 35 U.S.C. 102(f) or (g) prior art under 35 U.S.C. 103(a).

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made.

1. Claims 11-24, 26 are rejected under 35 U.S.C. 103(a) as being unpatentable over Reid et al.
with US Patent No. 6,182,226 in view of Antur et al. with Patent Number 6,212,558. 

2. As per claim(s) 11, 23, Reid discloses a configuration machine (See Column 3 Lines 26-
35) including domains (i.e., servers & workstations) having an access control policy and an
established configuration machine (i.e., Firewall SECURE ZONE (34)), (See Column 2 Lines
53-67) for grouping the domain(s) of the system into internal and external protection domains,
col. 2, lines 61-64, a firewall ensuring the protection of an internal domain relative to an external
domains, and means for applying to the firewall in question a rule (i.e., access rules) for
controlling access between a source resource and a destination resource only if said source and 
destination resources belong to the same protection domain or (See Column 5 Lines 32-67 & 
Column 6 Lines 1-19). Reid teaches firewalls to protect internal domains from external 
domains/regions, col. 3, lines 8-9 and each domain has internal networks of a subnetwork as 
"Company Private Net", col. 2, lines 55-56 and external domains as the "Internet", col. 2, lines 
55 as defined by an administrator, col. 5, lines 3-5. Reid teaches groups including zones, col. 10, 
lines 53-54. Reid teaches access control rules with specific scopes, col. 5, lines 53-57 and
whether to apply said rules, col. 5, lines 61-63. Reid teaches the invention in the above claim(s) 
except for explicitly teaching central management or machines. In that Reid operates to generate 
service requests in a firewalled network, the artisan would have looked to the network firewall 
arts for details of implementing access controls. In that art, Antur, a related network firewall 
adapter, teaches "central points of administration for entire networks", col. 3, lines 51-52 in order 
to access rules. Antur specifically teaches central management, col. 6, lines 47-49. Further, 
Antur suggests "a central database", col. 8, lines 43-45 will result from implementing his 
management. The motivation to incorporate central management insures that control is 
maintained. Thus, it would have been obvious to one of ordinary skill in the art to incorporate 
central management as taught in Antur into the security system described in the Reid patent 
because Reid operates with various management systems and Antur suggests that optimization 
can be obtained with central management. Therefore, by the above rationale, the above claim(s)
are rejected. 
1. As per claim(s) 12, Reid teaches the claimed invention as described in claim(s) 11 above
and furthermore discloses determining the protection domain of the resources by means of 
firewall network interfaces through which communications pass in order to reach said resources, 
(See Column 3 Lines 17-30). 

2. As per claim(s) 13, Reid teaches the claimed invention as described in claim(s) 11-12 
above and furthermore discloses defining zones, (i.e., DMZ), (See Column 3 Lines 1-15) 
comprising networks or sub-networks, associating the network interfaces of firewalls to which 
said zones; wherein provides protected access to server to internal user & external entities are
connected with an internal or external domain, determining the incoming and outgoing network
interfaces, (See Column 4 Lines 49-67 & Column 5 Lines 1-15) of current traffic, analyzing
whether said network interfaces are attached to an internal or external domain, and applying the
rule for controlling access only if both network interfaces are attached to the same internal
domain, and the resources belong to the same protection domain, (See Column 3 Lines 19-40). 

3. As per claim(s) 14, Reid teaches the claimed invention as described in claim(s) 11-13 
above and furthermore discloses composes groups of objects (i.e., regions) for which the access 
control policy is identical (i.e., same regions) and the rule for controlling access is applied
between each of the resources of a source group and a destination group, (See Column 4 Lines 
49-67 & Column 5 Lines 1-15). 
4. As per claim(s) 15, Reid teaches the claimed invention as described in claim(s) 11-14
above and furthermore discloses it composes groups of objects (i.e., regions) for which the 
access control policy is identical (i.e., same regions) and the rule for controlling access is applied 
between each of the resources of a source group and a destination group, (See Column 4 Lines 
49-67 & Column 5 Lines 1-15). 

5. As per claim(s) 16, Reid teaches the claimed invention as described in claim(s) 11-15 
above and furthermore discloses composes groups of objects (i.e., regions) for which the access 
control policy is identical (i.e., same regions) and the rule for controlling access is applied 
between each of the resources of a source group and a destination group, (See Column 4 Lines 
49-67 & Column 5 Lines 1-15). 

6. As per claim(s) 17, Reid teaches the claimed invention as described in claim(s) 11-16 
above and furthermore discloses characterizing the rule for controlling access with a local or 
global scope; wherein a local scope is interpreted as rules that are specific to the network the 
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of 
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain when the scope of the rule is local, and applying 
the rule to all of the resources in question when the scope of the rule is global, (See Column 5
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59).

7. As per claim(s) 18, Reid teaches the claimed invention as described in claim(s) 11-17
above and furthermore discloses characterizing the rule for controlling access with a local or 
global scope; wherein a local scope is interpreted as rules that are specific to the network the 
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of
the rules defined in the reference, applying the rule to the resources in question only if said
resources belong to the same protection domain when the scope of the rule is local, and applying
the rule to all of the resources in question when the scope of the rule is global, (See Column 5
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

8. As per claim(s) 19, Reid teaches the claimed invention as described in claim(s) 11-18 
above and furthermore discloses characterizing the rule for controlling access with a local or 
global scope; wherein a local scope is interpreted as rules that are specific to the network the 
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain when the scope of the rule is local, and applying 
the rule to all of the resources in question when the scope of the rule is global, (See Column 5 
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

9. As per claim(s) 20, Reid teaches the claimed invention as described in claim(s) 11-19 
above and furthermore discloses characterizing the rule for controlling access with a local or 
global scope; wherein a local scope is interpreted as rules that are specific to the network the 
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of 
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain when the scope of the rule is local, and applying 
the rule to all of the resources in question when the scope of the rule is global, (See Column 5 
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

10. As per claim(s) 21, Reid teaches the claimed invention as described in claim(s) 11-20
above and furthermore discloses characterizing the rule for controlling access with a local or
global scope; wherein a local scope is interpreted as rules that are specific to the network the
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of 
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain (5) or (6) when the scope of the rule is local, and 
applying the rule to all of the resources in question when the scope of the rule is global, (See 
Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

11. As per claim(s) 22, Reid teaches the claimed invention as described in claim(s) 11-21 
above and furthermore discloses characterizing the rule for controlling access with a local or 
global scope; wherein a local scope is interpreted as rules that are specific to the network the 
firewall is connected to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts"
where only the specific users are affected to the applied rules; Similarly, global scope rules are
rules applied throughout the network such as "filter nodes" where the rule is applied to www
connections where www is the entire network; it is therefore the examiner's humble request that
the applicant read the cited column and line numbers to its entirety to gain full understanding of 
the rules defined in the reference, applying the rule to the resources in question only if said 
resources belong to the same protection domain when the scope of the rule is local, and applying 
the rule to all of the resources in question when the scope of the rule is global, (See Column 5 
Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 
12. As per claim(s) 24, Reid teaches the claimed invention as described in claim(s) 23 above
and furthermore discloses it further comprises a graphical interface from which an administrator 
can enter the domains and the access control rules, (See Column 7 Lines 8-39). 

3. As per claim(s) 26, Reid teaches the claimed invention as described in claim(s) 23-25 
above and furthermore discloses the graphical interface allows the administrator to define a local 
or global scope for the access control rule, wherein a local scope is interpreted as rules that are 
specific to the network the firewall is connected to, such as, "allow or deny terminal nodes" or 
"decision nodes" or "alerts" where only the specific users are affected to the applied rules;
Similarly, global scope rules are rules applied throughout the network such as "filter nodes"
where the rule is applied to www connections where www is the entire network; it is therefore
the examiner's humble request that the applicant read the cited column and line numbers to its
entirety to gain full understanding of the rules defined in the reference, and in that the machine 
applies the rule to the resources in question only if said resources belong to the same protection 
domain when the scope of the rule is local, and applies the rule to all of the resources in question 
when the scope of the rule is global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 
7 Lines 1-59). 



Response to Amendment 
1. Based on the new grounds for rejection the applicant's arguments are moot. The broad
claim language used is interpreted on its face and based on this interpretation the claims have 
been rejected. 

2. The limited structure claimed, without more functional language, reads on the references 
provided. Thus, Applicant's arguments can not be held as persuasive regarding patentability. 

3. Applicant suggests "the claims are clearly distinguishable from the references of record" 
Paper Filed 6/3/05, Page 8, lines 20-21. However, Reid teaches "this example shows that the 
Internal region is hidden from all others", col. 17, lines 22-23. The references should not be read 
in a vacuum, the teachings are not mutually exclusive, and must be taken in context of what was 
reasonable based on the subject matter as a whole as would have been understood at the time the 
invention was made to a person having ordinary skill in the art to which the subject matter 
pertains. The descriptions in the references are not obfuscated by the numerous other suggested 
usages of said description in the reference. In addition, implicitly, impliedly and inferentially, 
various network configurations are taught and language identical or verbatim is not required in 
an obvious rejection. Note that reasonable "inferences", and "common sense" may be 
considered in formulating rejections for obviousness. Specifically, In re Preda, 401 F.2d 825, 
159 USPQ 342, 344 (CCPA 1968) states "in considering the disclosure of a reference, it is 
proper to take into account not only specific teachings of the reference but also the inferences 
which one skilled in the art would reasonably be expected to draw therefrom." Also, In re 
Bozek, 416 F.2d 738, 163 USPQ 545, 549 (CCPA 1969) states that obviousness may be
concluded from "common knowledge and common sense of the person of ordinary skill in the art 
without any specific hint or suggestion in a particular reference". Additionally, see In re
Gauerke, 24 CCPA 725, 86 F.2d 330, 31 USPQ 330, 333 (CCPA 1936), and In re Libby, 45
CCPA 944, 255 F.2d 412, 118 USPQ 94, 96 (CCPA 1958), and In re Jacoby, 309 F.2d 738, 125
USPQ 317, 319 (CCPA 1962), and In re Wiggins, 488 F.2d 538, 543, 1979 USPQ 421, 424
(CCPA 1973). Thus, Applicant's arguments can not be held as persuasive regarding
patentability.

Application/Control Number: 09/740,801
Page 11
Art Unit: 2142



Conclusion

4. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Stephan Willett whose telephone number is (571)272-3890. The
examiner can normally be reached Monday through Friday from 8:00 AM to 6:00 PM.

5. If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Rupal Dharia, can be reached on (571)272-3880. The fax phone number for the
organization where this application or proceeding is assigned is (571)272-0044.

6. Any inquiry of a general nature or relating to the status of this application or proceeding
should be directed to the receptionist whose telephone number is (571)272-2100.

Stephan Willett
Patent Examiner
July 8, 2005



